CVE-2019-9825 Information

Description

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting and then using the "add article" feature.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://blog.whiterabbitxyj.com/cve/FeiFeiCMS_4.1_code_execution.doc
https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/FeiFeiCMS_4.1_code_execution.doc

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

CRITICAL
